CBA says the $624 million money laundering issue was caused by a tiny software update

Photo: Harold Cunningham/ Getty Images.

The Commonwealth Bank says its current legal problem over allegations of allowing money laundering, which potentially could see Australia’s largest company facing massive fines, started with a simple software problem with its ATMs.

Australia’s largest company says: “In an organisation as large as Commonwealth Bank, mistakes can be made. We know that because we are a big organisation, these mistakes can have significant impact.”

Last week Australia’s financial intelligence and regulatory agency, AUSTRAC, took the Commonwealth to the Federal Court claiming the bank breached the Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) Act over combined cash deposits of $624.7 million.

The bank, in a statement this morning, says the issue began after an unrelated software update to Intelligent Deposit Machines, the latest ATMs, in late 2012.

A coding error meant the ATMs did not create reports when deposit amounts exceeded $10,000, the level at which transactions need to be reported to authorities.

“This error became apparent in 2015 and within a month of discovering it, we notified AUSTRAC ,” the bank says.

AUSTRAC alleges more than 53,700 contraventions and says the Commonwealth didn’t take steps to assess the risks of intelligent deposit machines until mid-2015, three years after they were introduced.

On the potential fines associated with the breaches, the Commonwealth says the alleged contraventions could be considered to arise from a single course of conduct, a systems error.

Late lodgement of transaction reports carries a penalty of up to $18 million, meaning that in theory the bank could be fined that amount for each late transaction report, adding up to more than $966 billion.

“Ultimately, a court will seek to ensure that, overall, any civil penalties are just and appropriate and do not exceed what is proper having regard to the totality of established contraventions,” the bank says.

“Under the Act, the only mechanism available to AUSTRAC to secure a pecuniary penalty from CBA is by taking court action.

“What we can say about those proceedings is limited until they have run their course.

“In the meantime, CBA remains committed to continuously improve its compliance with the AML/CTF Act and will continue to keep AUSTRAC abreast of those efforts.”

Today Commonwealth Bank CEO Ian Narev says he’s focused on doing his job and has no intention of stepping down. “Right now, I’m focused on doing my job and am not spending any time on thinking about my own position,” he says.

Here’s the full statement from the Commonwealth:

    We respect greatly the role AUSTRAC plays in keeping Australians safe. To that end, we work closely with AUSTRAC as well as the Australian Federal Police and other authorities.

    AUSTRAC filed legal proceedings on Thursday and we are taking these very seriously. We have been working our way carefully through the statement of claim. While legal proceedings limit the detail we are able to provide, we acknowledge the public interest in this matter, and are committed to being as open as we can with updates to all our stakeholders.

    We have already said we will file a statement of defence. We do not intend to litigate this matter publicly; our responses have been made in consideration of the desire for greater information by our people, shareholders, customers and the community.

    There has already been extensive public discussion and because of the complexity of the matter, some facts are worth clarifying.

    Our Intelligent Deposit Machines (IDMs) are now providing the correct Threshold Transaction Reports (TTRs) to AUSTRAC, and have been since September 2015.

    When we first rolled out these machines in May 2012, they were providing all the correct TTR reporting. The issue began after an unrelated software update to the IDMs in late 2012. Following the software update, a coding error occurred which meant the IDMs did not create the TTRs needed. This error became apparent in 2015 and within a month of discovering it, we notified AUSTRAC, delivered the missing TTRs and fixed the coding issue. The vast majority of the reporting failures alleged in the statement of claim (approximately 53,000) relate specifically to this coding error. We recognise that there are other serious allegations in the claim unrelated to the TTRs.

    In an organisation as large as Commonwealth Bank, mistakes can be made. We know that because we are a big organisation, these mistakes can have significant impact.

    We need to be ever more vigilant in the area of financial crime and anti-money laundering. The rapid evolution of technology in banking, the increased sophistication of criminal activity, and higher regulatory expectations together create an imperative to continuously raise our standards. We have increased our investment in people, technology and processes through a program designed not only to address existing weaknesses, but also to meet the growing complexity in this area. This work continues today.

    We continue to have an ongoing cooperative relationship with AUSTRAC and have kept them abreast of proactive steps we have taken to further enhance our compliance program and operations.

NOW WATCH: Money & Markets videos

Business Insider Emails & Alerts

Site highlights each day to your inbox.

Follow Business Insider Australia on Facebook, Twitter, LinkedIn, and Instagram.